CVE-2014-7170

Name of the Vulnerable Software and Affected Versions Puppet Server version 0.2.0

Description A race condition exists, allowing local users to obtain sensitive information by accessing it during a specific time window, namely between package installation or upgrade and the start of the service.

Recommendations For Puppet Server version 0.2.0, consider applying configuration changes to minimize the risk of exploitation, such as restricting access to sensitive information during the installation or upgrade process. At the moment, there is no information about a newer version that contains a fix for this vulnerability.